e55aa3b1f43a1b4f862d1c73c4f72c434669859e404220fc3041dd672da06d57

Sharing

Copy URL

Twitter E-mail

General

Target

e55aa3b1f43a1b4f862d1c73c4f72c434669859e404220fc3041dd672da06d57
Size

1.8MB
MD5

8475106a82dc2a5c4c390a25032c20fb
SHA1

619679de38c7c436e5acf256c42e8e21b02e9d0b
SHA256

e55aa3b1f43a1b4f862d1c73c4f72c434669859e404220fc3041dd672da06d57
SHA512

f6a3fe24e92acf9928ec194af8d441240e317d4aecba2bb7988c1f0a34121785001279259df5968a168f96ad49b10778b7c6c7d8942a5af2cf96009b662dd4b0
SSDEEP

24576:uredO8gMHlEsdRnV+STuTwP/geyPRA1ug2yLGBdxtYgLZS6IgLXAaET6fgXpi4cH:C8jHVbnDGwnSXpySrzA6RXOtDcUi

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/NetDisabler网络切断器_v1.1.0.0_Single.exe

Files

e55aa3b1f43a1b4f862d1c73c4f72c434669859e404220fc3041dd672da06d57
.zip
NetDisabler网络切断器_v1.1.0.0_Single.exe
.exe windows:4 windows x86 arch:x86

48865db6b12ce71fbf2f83a8a6542ad8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNA
StrPBrkW
StrCmpIW
wnsprintfW
StrStrA
PathMatchSpecW
StrToIntExW
StrCpyNW
StrStrW
StrStrIW
StrRChrW
StrChrW
StrCmpNW
StrCmpNIA
StrCmpNIW

kernel32

GetCommandLineW
TerminateJobObject
GetExitCodeProcess
ResumeThread
AssignProcessToJobObject
CreateJobObjectW
GetOverlappedResult
ConnectNamedPipe
GetProcessId
GetShortPathNameW
WriteFile
LoadLibraryExW
SetNamedPipeHandleState
CreateNamedPipeA
SetFilePointer
DuplicateHandle
CreatePipe
CreateThread
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
LocalFree
GetVersionExW
CreateMutexA
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
GetModuleHandleW
WriteConsoleW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
SetCurrentDirectoryW
WinExec
WriteProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
MoveFileW
CopyFileW
GetProcessTimes
SetSystemPowerState
SetEndOfFile
GetLogicalDrives
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
SetFilePointerEx
GetVolumeNameForVolumeMountPointW
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SleepEx
OpenThread
WaitNamedPipeW
GlobalMemoryStatus
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersion
FileTimeToSystemTime
SystemTimeToFileTime
ReleaseSemaphore
ResetEvent
DisconnectNamedPipe
GetVolumeInformationW
GetDiskFreeSpaceW
lstrcmpiA
lstrcpyA
lstrcpynA
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
LCMapStringA
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
GetLongPathNameW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
GetTimeZoneInformation
SetFileValidData
TerminateThread
GlobalDeleteAtom
OpenEventW
SetThreadPriority
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
Beep
FindFirstFileW
VirtualQueryEx
GetThreadContext
SetThreadContext
VirtualProtectEx
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
MultiByteToWideChar
GetSystemInfo
VirtualQuery
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetFileType
SetStdHandle
HeapSize
GetVersionExA
RtlUnwind
ReadProcessMemory
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcatA
CreateDirectoryW
CreateProcessW
FindNextFileW
FlushFileBuffers
FindFirstVolumeW
CreateFileW
DeviceIoControl
FindNextVolumeW
FindVolumeClose
GetProcessAffinityMask
GetModuleHandleA
IsBadCodePtr
CompareStringA
CompareStringW
GetProcessHeap
HeapFree
GetModuleFileNameW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
WTSGetActiveConsoleSessionId
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindClose
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
RaiseException
IsBadReadPtr

user32

DrawEdge
DrawIconEx
GetFocus
GetActiveWindow
CreateDialogParamW
FindWindowExW
EnumWindows
UpdateWindow
IsChild
SetScrollInfo
ScrollWindow
MessageBoxTimeoutW
SetCapture
ReleaseCapture
ShowCursor
DrawIcon
SetMenu
CreateMenu
LoadBitmapW
SetWindowRgn
CreateIconFromResource
FindWindowW
LoadStringA
WindowFromPoint
ChildWindowFromPointEx
CharUpperA
IsWindowVisible
GetWindowInfo
CopyImage
DestroyCursor
GetClipboardData
IsWindowEnabled
CreateIconFromResourceEx
PtInRect
LoadImageW
SwitchToThisWindow
GetClassNameW
MessageBoxW
IsRectEmpty
EnumChildWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
FindWindowExA
GetForegroundWindow
AttachThreadInput
IsDialogMessageW
GetSysColor
DestroyIcon
LoadCursorW
SetCursor
RegisterWindowMessageW
GetWindowThreadProcessId
SetFocus
SetScrollPos
GetScrollInfo
GetWindowDC
IsIconic
GetMessageW
RegisterClassExW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
SetLayeredWindowAttributes
GetMenu
GetMenuItemCount
DialogBoxParamW
DefWindowProcW
LoadMenuW
RemoveMenu
InsertMenuW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
InvalidateRect
GetDlgItemTextW
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
EndDialog
EnumDisplaySettingsW
GetSubMenu
GetMenuItemID
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
LockWorkStation
mouse_event
MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
ExitWindowsEx
SendMessageTimeoutW
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
CharUpperW
SetThreadDesktop
SwitchDesktop
CloseDesktop
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
wsprintfA
LoadStringW
AppendMenuW
FindWindowA
GetLastInputInfo
PeekMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
WaitForInputIdle
GetSystemMenu
EnableMenuItem
GetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
KillTimer
SetTimer
SendMessageW
PostMessageW
OpenDesktopW

gdi32

RealizePalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
BitBlt
DeleteDC
CreateSolidBrush
AddFontResourceW
GetStockObject
SelectObject
SetBkMode
SetTextColor
SelectPalette
Polyline
GetTextMetricsW
Rectangle
CreateBitmap
CreatePen
Ellipse
CreateEllipticRgn
SetBkColor
ExtTextOutW
GetBkColor
CreateFontW
CreateRectRgn
GetPixel
CombineRgn
StretchBlt
GetObjectW
DeleteObject

advapi32

OpenSCManagerW
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
DeleteService
ControlService
SetServiceStatus
AbortSystemShutdownW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
RegCloseKey
RegCreateKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyExW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CheckTokenMembership
FreeSid

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
DragAcceptFiles
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiGetDeviceInstallParamsW
SetupDiChangeState
SetupDiSetClassInstallParamsW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

flag_dat
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
关注微信 - 更多福利.png
.png
- http://weixin.qq.com/r/wii4oJjEU8UsrdzD933Q
果核剥壳 - 全网更新最快.url
.url

Sharing

General

Malware Config

Signatures

Files

48865db6b12ce71fbf2f83a8a6542ad8

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.text Size: 659KB - Virtual size: 659KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 17KB

flag_dat Size: 512B - Virtual size: 19B

.rsrc Size: 551KB - Virtual size: 551KB

.text
Size: 659KB - Virtual size: 659KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 17KB

flag_dat
Size: 512B - Virtual size: 19B

.rsrc
Size: 551KB - Virtual size: 551KB